Processwire Security Vulnerabilities and Issues — Processwire CVE List

Lucene search

ProcesswireProcesswire

3 matches found

CVE•added 2022/10/31 12:15 p.m.•56 views

CVE-2022-40488

ProcessWire v3.0.200 was discovered to contain a Cross-Site Request Forgery (CSRF).

6.5CVSS6.5AI score0.00204EPSS

CVE•added 2022/10/31 12:15 p.m.•50 views

CVE-2022-40487

ProcessWire v3.0.200 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the Search Users and Search Pages function. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injection of a crafted payload.

6.1CVSS6.3AI score0.00772EPSS

CVE•added 2022/02/24 3:15 p.m.•42 views

CVE-2020-27467

A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php.

7.8CVSS7.4AI score0.79832EPSS